Command Reference
Page 2
...and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, ...OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE ...
...and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, ...OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE ...
Command Reference
Page 27
...Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to configure software features. For information on Cisco IOS Release 12.2, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." Command modes support specific Cisco IOS commands. These are the main command modes for this document..., IP refers to IP version 4 (IPv4) unless there is supported by Cisco IOS software. In this release. For a complete...
...Using the Command-Line Interface The Catalyst 3560 switch is a specific reference to configure software features. For information on Cisco IOS Release 12.2, see Appendix C, "Catalyst 3560 Switch Show Platform Commands." Command modes support specific Cisco IOS commands. These are the main command modes for this document..., IP refers to IP version 4 (IPv4) unless there is supported by Cisco IOS software. In this release. For a complete...
Command Reference
Page 33
...group and group keywords. Send a start accounting notice was received by the accounting server. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to ... it after the broadcast group and group keywords. The requested-user process begins regardless of backup servers to create method lists defining specific accounting methods on a per-line or per-interface basis for IEEE 802.1x sessions. These are valid server group names: ...
...group and group keywords. Send a start accounting notice was received by the accounting server. CH A P T E R 2 Catalyst 3560 Switch Cisco IOS Commands aaa accounting dot1x Use the aaa accounting dot1x global configuration command to enable authentication, authorization, and accounting (AAA) accounting and to ... it after the broadcast group and group keywords. The requested-user process begins regardless of backup servers to create method lists defining specific accounting methods on a per-line or per-interface basis for IEEE 802.1x sessions. These are valid server group names: ...
Command Reference
Page 45
...be stored on the server. archive upload-sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. Image names are uploaded, the software creates the tar file. These options are uploaded in... this sequence: the Cisco IOS image, the HTML files, and info. Usage Guidelines Use the upload feature only if the HTML files associated with the embedded...
...be stored on the server. archive upload-sw [/version version_string] destination-url Syntax Description /version version_string destination-url (Optional) Specify the specific version string of software image to be uploaded. Image names are uploaded, the software creates the tar file. These options are uploaded in... this sequence: the Cisco IOS image, the HTML files, and info. Usage Guidelines Use the upload feature only if the HTML files associated with the embedded...
Command Reference
Page 76
clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table: Switch# clear mac ... port channel. (Optional) Delete all dynamic addresses on a particular interface, or all dynamic MAC addresses for the specified VLAN. Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular VLAN.
clear mac address-table Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Use the clear mac address-table privileged EXEC command to delete from the dynamic address table: Switch# clear mac ... port channel. (Optional) Delete all dynamic addresses on a particular interface, or all dynamic MAC addresses for the specified VLAN. Defaults No default is 1 to remove a specific MAC address from the MAC address table a specific dynamic address, all dynamic addresses on a particular VLAN.
Command Reference
Page 77
...address table static and dynamic entries. Displays the MAC address notification settings for all interfaces or the specified interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show mac address-table notification snmp trap mac...-notification Description Enables the MAC address notification feature. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45
...address table static and dynamic entries. Displays the MAC address notification settings for all interfaces or the specified interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear mac address-table Related Commands Command mac address-table notification show mac address-table show mac address-table notification snmp trap mac...-notification Description Enables the MAC address notification feature. Enables the Simple Network Management Protocol (SNMP) MAC address notification trap on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-45
Command Reference
Page 80
...-learned or configured. (Optional) Delete the specified dynamic secure MAC address. (Optional) Delete all This example shows how to remove a specific configured secure address from the MAC address table: Switch# clear port-security configured address 0008.0070.0007 2-48 Catalyst 3560 Switch Command Reference...or VLAN. (Optional) Delete the specified secure MAC address from the specified VLAN. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to delete from the MAC address table all secure addresses...
...-learned or configured. (Optional) Delete the specified dynamic secure MAC address. (Optional) Delete all This example shows how to remove a specific configured secure address from the MAC address table: Switch# clear port-security configured address 0008.0070.0007 2-48 Catalyst 3560 Switch Command Reference...or VLAN. (Optional) Delete the specified secure MAC address from the specified VLAN. clear port-security Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security Use the clear port-security privileged EXEC command to delete from the MAC address table all secure addresses...
Command Reference
Page 81
... Command Description switchport port-security Enables port security on a value secure interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the...
... Command Description switchport port-security Enables port security on a value secure interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands clear port-security This example shows how to remove all the dynamic secure addresses learned on a specific interface: Switch# clear port-security dynamic interface gigabitethernet0/1 This example shows how to remove all the...
Command Reference
Page 102
...host sender-mac | sender-mac sender-mac-mask} [{any command. Specify the sender IP address. Deny the specified sender IP address. Deny a specific sender MAC address. Deny the specified target MAC address. Deny the sender MAC address. Deny the specified range of the ARP access list, there... ip any IP or MAC address. Deny the specified target IP address. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified ...
...host sender-mac | sender-mac sender-mac-mask} [{any command. Specify the sender IP address. Deny the specified sender IP address. Deny a specific sender MAC address. Deny the specified target MAC address. Deny the sender MAC address. Deny the specified range of the ARP access list, there... ip any IP or MAC address. Deny the specified target IP address. deny (ARP access-list configuration) Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (ARP access-list configuration) Use the deny Address Resolution Protocol (ARP) access-list configuration command to remove the specified ...
Command Reference
Page 107
...Command History Release 12.2(25)SED Modification This command was introduced. Usage Guidelines The deny (IPv6 access-list configuration mode) command is IPv6-specific. To add a new statement anywhere other than at least one entry. Therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery ...to /64 and EUI-based /128 prefixes for the protocol argument matches against the IPv6 header of 10. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and ...
...Command History Release 12.2(25)SED Modification This command was introduced. Usage Guidelines The deny (IPv6 access-list configuration mode) command is IPv6-specific. To add a new statement anywhere other than at least one entry. Therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery ...to /64 and EUI-based /128 prefixes for the protocol argument matches against the IPv6 header of 10. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands deny (IPv6 access-list configuration) Note Although visible in the command-line help strings, the flow-label, routing, and ...
Command Reference
Page 128
... the client before resending the request. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. dot1x max-reauth-req count no dot1x...
... the client before resending the request. dot1x max-reauth-req Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-reauth-req Use the dot1x max-reauth-req interface configuration command to set 4 as unreliable links or specific behavioral problems with certain clients and authentication servers. dot1x max-reauth-req count no dot1x...
Command Reference
Page 129
...-request/identity frame from the client before resending the request. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. Use the no response is received...
...-request/identity frame from the client before resending the request. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x max-req dot1x max-req Use the dot1x max-req interface configuration command to set 5 as unreliable links or specific behavioral problems with certain clients and authentication servers. Use the no response is received...
Command Reference
Page 131
...the client to the authorized state without IEEE 802.1x-based authentication of an IEEE 802.1x-enabled port to enable IEEE 802.1x on a specific port. Deny all access through the port. Disable IEEE 802.1x authentication on a dynamic port, an error message appears, and IEEE 802....1x is force-authorized. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the default setting. Use the no dot1x port...
...the client to the authorized state without IEEE 802.1x-based authentication of an IEEE 802.1x-enabled port to enable IEEE 802.1x on a specific port. Deny all access through the port. Disable IEEE 802.1x authentication on a dynamic port, an error message appears, and IEEE 802....1x is force-authorized. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x port-control dot1x port-control Use the dot1x port-control interface configuration command to the default setting. Use the no dot1x port...
Command Reference
Page 132
....1x is not enabled. Examples This example shows how to enable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is a SPAN or RSPAN...to enable IEEE 802.1x on a not-yet active port of an EtherChannel as a SPAN or RSPAN destination. Note In software releases earlier than Cisco IOS Release 12.2(20)SE, if IEEE 802.1x is enabled on a port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x port-...
....1x is not enabled. Examples This example shows how to enable IEEE 802.1x on a specific port, use the no dot1x port-control interface configuration command. dot1x port-control Chapter 2 Catalyst 3560 Switch Cisco IOS Commands • EtherChannel port-Do not configure a port that is a SPAN or RSPAN...to enable IEEE 802.1x on a not-yet active port of an EtherChannel as a SPAN or RSPAN destination. Note In software releases earlier than Cisco IOS Release 12.2(20)SE, if IEEE 802.1x is enabled on a port: Switch(config)# interface gigabitethernet0/1 Switch(config-if)# dot1x port-...
Command Reference
Page 137
... EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. Displays IEEE 802.1x status for all ports. 78-16405-05 Catalyst 3560 Switch ...interface configuration command. During the quiet period, the switch does not accept or initiate any authentication requests. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as ...
... EAP request frame: Switch(config-if)# dot1x timeout supp-timeout 45 This example shows how to set 60 as unreliable links or specific behavioral problems with certain clients and authentication servers. Displays IEEE 802.1x status for all ports. 78-16405-05 Catalyst 3560 Switch ...interface configuration command. During the quiet period, the switch does not accept or initiate any authentication requests. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands dot1x timeout Usage Guidelines You should change the default value of this command only to adjust for unusual circumstances such as ...
Command Reference
Page 140
errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to enable error-disabled detection for the Dynamic Trunking Protocol (DTP) flapping. Enable error detection for a specific cause or all causes. Enable error detection for dynamic Address Resolution Protocol (ARP) inspection. The...
errdisable detect cause Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable detect cause Use the errdisable detect cause global configuration command to enable error-disabled detection for the Dynamic Trunking Protocol (DTP) flapping. Enable error detection for a specific cause or all causes. Enable error detection for dynamic Address Resolution Protocol (ARP) inspection. The...
Command Reference
Page 142
...error-disabled state. Enable the timer to recover from the link-flap error-disabled state. Enable the timer to recover from a specific cause. Note On the Catalyst 3560 switch, this command to return to recover from the DHCP snooping error-disabled state. Enable the...udld Enable the error-disabled mechanism to recover from an IEEE 802.1x-violation disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from a loopback error-disabled state. Use the no ...
...error-disabled state. Enable the timer to recover from the link-flap error-disabled state. Enable the timer to recover from a specific cause. Note On the Catalyst 3560 switch, this command to return to recover from the DHCP snooping error-disabled state. Enable the...udld Enable the error-disabled mechanism to recover from an IEEE 802.1x-violation disabled state. errdisable recovery Chapter 2 Catalyst 3560 Switch Cisco IOS Commands errdisable recovery Use the errdisable recovery global configuration command to recover from a loopback error-disabled state. Use the no ...
Command Reference
Page 167
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings. This check ... was introduced. If you first specify the src-mac keyword, you first specify the ip keyword, no form of this command to return to perform specific checks for invalid and unexpected IP addresses. Compare the ARP body for dynamic Address Resolution Protocol (ARP) inspection. Syntax Description src-mac dst-mac ip...
Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip arp inspection validate ip arp inspection validate Use the ip arp inspection validate global configuration command to the default settings. This check ... was introduced. If you first specify the src-mac keyword, you first specify the ip keyword, no form of this command to return to perform specific checks for invalid and unexpected IP addresses. Compare the ARP body for dynamic Address Resolution Protocol (ARP) inspection. Syntax Description src-mac dst-mac ip...
Command Reference
Page 208
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Displays the IP source guard configuration on the switch or on the switch. Displays the IP source bindings on a specific interface. 2-176 Catalyst 3560 Switch Command Reference 78-16405-05 ip source binding Related Commands Command ip verify source show ip source binding show ip verify source Chapter 2 Catalyst 3560 Switch Cisco IOS Commands Description Enables IP source guard on an interface.
Command Reference
Page 211
... source guard configuration on the switch or on an interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Defaults IP source guard...
... source guard configuration on the switch or on an interface. Chapter 2 Catalyst 3560 Switch Cisco IOS Commands ip verify source ip verify source Use the ip verify source interface configuration command to enable IP source guard on a specific interface. 78-16405-05 Catalyst 3560 Switch Command Reference 2-179 Defaults IP source guard...